More_eggs Malware Distributed Via Spear Phishing

Apr 26, 2022 8:49:59 AM By Stu Sjouwerman

Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire’s Threat Response Unit (TRU).

Community Associations Confront Social Engineering

Apr 25, 2022 8:51:35 AM By Stu Sjouwerman

It’s not just deep-pocketed corporations that prove attractive targets for social engineering. Any organization that holds information that can fetch a good price in the criminal ...

LinkedIn is the Most Impersonated Brand in Phishing Attacks

Apr 21, 2022 12:25:45 PM By Stu Sjouwerman

Social media companies, particularly LinkedIn, are now the most impersonated brands in phishing campaigns, researchers at Check Point have found.

TraderTraitor: When States do Social Engineering

Apr 20, 2022 8:49:57 AM By Stu Sjouwerman

North Korea’s Lazarus Group is using social engineering attacks to target users of cryptocurrency, according to a joint advisory from the US FBI, the Cybersecurity and Infrastructure ...

FBI Warns of Bank Fraud Smishing Campaign

Apr 19, 2022 10:31:22 AM By Stu Sjouwerman

The FBI has warned of a smishing campaign that’s targeting people in the US with phony bank fraud notifications. The text messages inform users that someone has attempted to initiate a ...

Social Engineering Campaign against African Banks

Apr 18, 2022 9:40:04 AM By Stu Sjouwerman

A phishing campaign is targeting African banks with a technique called “HTML smuggling” to bypass security filters, according to threat researchers at HP.

“Being Annoying” as a Social Engineering Approach

Apr 18, 2022 8:42:15 AM By Stu Sjouwerman

Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are ...

Meta Stops Three Cyber Espionage Groups Targeting Critical Industries

Apr 13, 2022 4:43:06 PM By Stu Sjouwerman

Impersonating legitimate companies and using a complex mix of fake personas across Facebook, Telegram, and other platforms, these groups used social engineering to gain network access.

Social Engineering from Tehran

Apr 5, 2022 2:35:39 PM By Stu Sjouwerman

Social engineering continues to be a core component of the Iranian government’s hacking operations, according to researchers at Recorded Future.

Social Engineering by "Emergency Data Request"

Apr 4, 2022 8:50:33 AM By Stu Sjouwerman

Bloomberg has reported that forged "Emergency Data Requests" last year induced Apple and Meta to surrender "basic subscriber details, such as a customer’s address, phone number and IP ...

Cisco: Web 3.0 Will be the Next Frontier for Social Engineering and Phishing Attacks

Mar 31, 2022 11:52:59 AM By Stu Sjouwerman

A look at what makes up Web 3.0 and how it may be used includes insight into what kinds of cyberattacks may plague it, as cybercriminals look for new profitable opportunities.

Cost of Internet Crimes in 2021 Increase 64% Exceeding $6.9 Billion

Mar 31, 2022 11:52:17 AM By Stu Sjouwerman

New data from the FBI’s Internet Crime Complaint Center (IC3) shows a massive increase in the cost of internet crimes, with phishing and BEC topping the list.

FBI Warns of Phishing Attacks Targeting Election Officials

Mar 31, 2022 8:57:59 AM By Stu Sjouwerman

The FBI has issued a Private Industry Notification warning of phishing emails designed to steal login credentials from election officials. The Bureau believes these attacks will increase ...

Mobile Device Usage Have Led to Security Incidents in Nearly Half of Organizations

Mar 30, 2022 8:15:33 AM By Stu Sjouwerman

The shift in devices used by today’s workforce has resulted in increases in cybersecurity concerns and incidents, despite a majority of orgs with defined BYOD programs in place.

Email Conversation Hacking to Distribute Malware

Mar 29, 2022 9:03:08 AM By Stu Sjouwerman

Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and ...

Making Better Push-Based MFA

Mar 28, 2022 1:51:20 PM By Roger Grimes

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...

Buy Now, Pay Later Scams

Mar 28, 2022 9:31:28 AM By Stu Sjouwerman

Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire’s Hacking Humans podcast, Ducharme explained ...

Initial Access Broker Group Relies on Social Engineering

Mar 24, 2022 10:20:53 AM By Stu Sjouwerman

Google’s Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, ...

Number of Phishing Attacks Hits an All-Time High in 2021, Tripling That of Early 2020

Mar 23, 2022 2:00:34 PM By Stu Sjouwerman

New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams.

Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online

Mar 22, 2022 4:10:05 PM By Stu Sjouwerman

The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, as well as how the tech still needs to improve.

Security Awareness Training Blog

Social Engineering Blog

View Topics